Re: multiplexing -- don't do it

On 03.04.2012 10:36, Mike Belshe wrote:
> On Mon, Apr 2, 2012 at 3:28 PM, Adrien W. de Croy wrote:
>
>>
>> ------ Original Message ------
>> From: "Roberto Peon"
>>
>> I don't trust proxies... hopefully that is apparent, but I'm asking for
>> explicit support for them and attempting to deny support for non explicit
>> proxies.
>>
>> I don't have a problem with proxy usage moving to explicit only.  We've
>> been trying to get customers to move in that direction for years.
>>
>> Customers do like using interception though.  Educating them costs money.
>> Not providing the feature would cost us sales, until we could get
>> commitment from every other vendor to deprecate the feature.
>>
>> If 2.0 can fix this by providing a path forward which doesn't allow it,
>> then everyone will be in the same boat, which is fine with me.
>>
>
> If we got SSL interception to work with trusted proxies, it would be a huge
> feature to a lot of corporate sites. Not having to roll out SSL MITM is
> really valuable to them.
>
> I'm 100% sure that Chrome & Firefox would get behind a solution which
> enforced SSL more often and required browsers to support more features with
> trusted SSL to proxies.

The 8+ years we have had bugs open against Firefox explaining the 
use-cases, what is needed and even describing potential configuration 
specs say otherwise.
Instead admins are forced to roll out a Firefox proxy config plugin which 
almost but not quite works, and these days both of them break for a few 
weeks out of each month.

Me and hundreds of other admins annoyed? Yes. Meanwhile we have MITM, 
and countless others don't even bother to voice their opinions about it, 
just jump straight to MITM.

AYJ

Received on Monday, 2 April 2012 23:47:54 UTC